Full Report
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws
Analysis Summary
# Vulnerability: Git Credential Leakage via Crafted Protocols in Multiple Git Ecosystem Tools
## CVE Details
- CVE ID: CVE-2025-23040, CVE-2024-50338, CVE-2024-53263, CVE-2024-53858, CVE-2024-52006, CVE-2024-50349
- CVSS Score: Ranging from 2.1 (Low) to 8.5 (High)
- CWE: Multiple, primarily related to improper input validation/handling of control characters (e.g., CRLF injection).
## Affected Systems
- **Products:** GitHub Desktop, Git Credential Manager (GCM) NuGet package, Git LFS, GitHub CLI (`cli`), and core Git (`git`).
- **Versions:** Specific vulnerable versions for each CVE are detailed in their respective advisories, but users are generally advised to update to the latest patched versions.
- **Configurations:** Vulnerabilities often rely on specific actions, such as cloning a malicious repository, using credential helpers, or setting specific environment variables (like `CODESPACES=true` for CLI).
## Vulnerability Description
Multiple related vulnerabilities stem from improper handling or validation of control characters (specifically carriage return `\r` and newline `\n`) within remote repository URLs communicated to Git's credential helper protocol.
1. **GitHub Desktop, GCM, Git LFS:** Injecting carriage return (`\r`) or CRLF characters into crafted URLs allows an attacker-controlled host to receive credentials meant for a different, legitimate host (Carriage Return Smuggling/Injection).
2. **GitHub CLI (`cli`):** Cloning a repository with `--recurse-submodules` while environment variables (`GITHUB_TOKEN`, etc.) are set, particularly in GitHub Codespaces (`CODESPACES=true`), causes the access token to be sent to non-GitHub submodule hosts specified in the malicious URL.
3. **Core Git (`git`):** Related issues involve escape sequences in URLs that can trick users into providing credentials to arbitrary sites.
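The credential protocol mentioned above carries newline-delimited `key=value` lines, so a helper that treats a bare carriage return as a line terminator lets a second `host=` value override the first. The Python below is an added illustration, not code from the advisories or from any of the affected projects: it models a credential-request parser in two forms, a lenient one that accepts `\r` as a line break and a hardened one that rejects any field containing a control character. The request text, the hostnames (`trusted.example`, `attacker.example`) and the function names are constructed for this example.

```python
"""Lenient vs. hardened parsing of a Git credential-helper request.

Requests are key=value lines terminated by a blank line.  The constructed
sample below carries a carriage return inside the host value, which is the
failure mode the advisories describe for helpers that split on a bare '\r'.
"""
import re
from typing import Dict, Optional

# Constructed sample requests; hostnames are placeholders, not real sites.
CLEAN_REQUEST = "protocol=https\nhost=trusted.example\n\n"
SMUGGLED_REQUEST = (
    "protocol=https\n"
    "host=trusted.example\rhost=attacker.example\n"
    "\n"
)

# Any ASCII control character, including CR, LF, NUL and DEL.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def parse_lenient(request: str) -> Dict[str, str]:
    """Models a helper that accepts '\r', '\n' or '\r\n' as line terminators.

    A later 'host=' line silently overwrites an earlier one, so the helper
    ends up answering for a host the user never typed.
    """
    fields: Dict[str, str] = {}
    for line in re.split(r"\r\n|\r|\n", request):
        if not line:
            continue
        key, _, value = line.partition("=")
        fields[key] = value
    return fields


def parse_strict(request: str) -> Dict[str, str]:
    """Hardened parser: split on '\n' only, stop at the blank line, and refuse
    any key or value that still contains a control character or repeats."""
    fields: Dict[str, str] = {}
    for line in request.split("\n"):
        if line == "":
            break  # blank line terminates the request
        key, eq, value = line.partition("=")
        if not eq or not key:
            raise ValueError(f"malformed line: {line!r}")
        if CONTROL_CHARS.search(key) or CONTROL_CHARS.search(value):
            raise ValueError(f"control character in credential field {key!r}")
        if key in fields:
            raise ValueError(f"duplicate field {key!r}")
        fields[key] = value
    return fields


def target_host(request: str, strict: bool) -> Optional[str]:
    """Return the host a helper would hand credentials to, or None when the
    strict parser refuses the request."""
    try:
        fields = parse_strict(request) if strict else parse_lenient(request)
    except ValueError:
        return None
    return fields.get("host")


if __name__ == "__main__":
    for label, req in (("clean", CLEAN_REQUEST), ("smuggled", SMUGGLED_REQUEST)):
        print(f"{label:9s} lenient -> {target_host(req, strict=False)!r}")
        print(f"{label:9s} strict  -> {target_host(req, strict=True)!r}")
```

The strict variant refuses the smuggled request outright rather than trying to "clean" it, which is the safer choice for a credential helper: there is no legitimate hostname that contains a control character, so rejection loses nothing and removes the ambiguity entirely.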
## Exploitation
- **Status:** At least one vulnerability (CVE-2024-53858 in GitHub CLI) is described as being exploited when cloning within a GitHub Codespaces environment. PoC likely exists for others based on the described mechanism.
- **Complexity:** Varies. For the CLI vulnerability in Codespaces, complexity is relatively low as it triggers automatically during standard operations. Others require crafting specific URLs.
- **Attack Vector:** Network (via malicious repository clone URLs).
## Impact
Successful exploitation allows an attacker to leak a user's authentication credentials (Git credentials or access tokens) to an attacker-controlled endpoint.
- **Confidentiality:** High (Leakage of secrets/tokens).
- **Integrity:** Medium (Tokens could be used to modify repositories).
- **Availability:** Low.
## Remediation
### Patches
Users must update all potentially affected Git ecosystem components:
* **Core Git:** Update to **version 2.48.1** (patches CVE-2024-52006 and CVE-2024-50349).
* **GitHub Desktop, Git Credential Manager, Git LFS, GitHub CLI:** Refer to the vendor advisories (GHSA links provided in source) for specific patched versions of these tools.
### Workarounds
1. **Avoid Untrusted Clones:** Avoid running `git clone --recurse-submodules` against untrusted or unverified repositories.
2. **Disable Credential Helper:** For critical operations, consider avoiding the use of the credential helper by only interacting with publicly available repositories or by manually providing credentials where possible (Note: This significantly hinders operational convenience).
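One way to make the first workaround practical is to inspect a repository's `.gitmodules` before running `git clone --recurse-submodules`, so that no credential helper is invoked for a submodule URL that looks wrong. The Python below is an added example, not tooling from Git or any of the vendors named here: it reads submodule URLs with a minimal parser (not Git's own config parser) and flags any URL that contains a control character or points at a host outside an allow-list. The sample `.gitmodules` text and the hostnames (`example-org`, `mirror.attacker.example`) are constructed for this example.

```python
"""Pre-clone check for .gitmodules: flag submodule URLs that carry control
characters or point outside an allow-list of hosts."""
import re
import sys
from typing import List, Set, Tuple
from urllib.parse import urlsplit

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample .gitmodules; the second entry hides a CR inside its URL
# and the third points at a host that is not on the allow-list.
SAMPLE_GITMODULES = (
    '[submodule "vendor/lib"]\n'
    "\tpath = vendor/lib\n"
    "\turl = https://github.com/example-org/lib.git\n"
    '[submodule "vendor/odd"]\n'
    "\tpath = vendor/odd\n"
    "\turl = https://github.com/example-org/odd\r.git\n"
    '[submodule "vendor/third"]\n'
    "\tpath = vendor/third\n"
    "\turl = https://mirror.attacker.example/example-org/third.git\n"
)


def parse_submodule_urls(text: str) -> List[Tuple[str, str]]:
    """Minimal .gitmodules reader returning (submodule name, raw url) pairs.

    Lines are split on '\n' only; a single trailing '\r' (CRLF line endings
    from a Windows checkout) is dropped so it is not reported as a finding.
    Any control character left inside a value is genuinely part of the URL.
    """
    entries: List[Tuple[str, str]] = []
    section = None
    for raw in text.split("\n"):
        line = raw[:-1] if raw.endswith("\r") else raw
        line = line.strip(" \t")
        if line.startswith("[submodule ") and line.endswith("]"):
            section = line[len("[submodule "):-1].strip('"')
        elif section is not None and line.startswith("url"):
            key, eq, value = line.partition("=")
            if eq and key.strip(" \t") == "url":
                entries.append((section, value.strip(" \t")))
    return entries


def scan_gitmodules(text: str, allowed_hosts: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (name, url, reason) for every submodule URL that should block
    a recursive clone until a human has looked at it."""
    findings: List[Tuple[str, str, str]] = []
    for name, url in parse_submodule_urls(text):
        if CONTROL_CHARS.search(url):
            findings.append((name, url, "control character in URL"))
            continue
        host = urlsplit(url).hostname
        if host is None:
            # Relative and scp-style URLs have no parseable host; surface them
            # rather than guessing where they resolve.
            findings.append((name, url, "no host in URL (relative or scp-style)"))
        elif host not in allowed_hosts:
            findings.append((name, url, f"host {host!r} not in allow-list"))
    return findings


if __name__ == "__main__":
    # Usage: python check_gitmodules.py [path/to/.gitmodules]
    text = open(sys.argv[1], encoding="utf-8", newline="").read() if len(sys.argv) > 1 else SAMPLE_GITMODULES
    for name, url, reason in scan_gitmodules(text, {"github.com"}):
        print(f"{name}: {reason}: {url!r}")
```

When reading a real file, open it with `newline=""` as above so Python does not translate line endings before the check runs; otherwise a CR that sits mid-value could be altered before it is ever seen.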
## Detection
- **Indicators of Compromise:** Outbound network connections initiated by `git` or related helper processes (GCM, GitHub Desktop) to unexpected external hosts immediately following a `git clone` or similar operation, especially one involving submodules.
- **Detection Methods and Tools:** Endpoint Detection and Response (EDR) tools should monitor process execution context for unusual network calls originating from Git applications or credential helper processes interacting with arbitrary external hostnames.
## References
- Vendor Advisories for CVE-2025-23040 (GitHub Desktop)
- Vendor Advisories for CVE-2024-50338 (git-ecosystem/git-credential-manager)
- Vendor Advisories for CVE-2024-53263 (git-lfs/git-lfs)
- Vendor Advisories for CVE-2024-53858 (cli/cli)
- Git Advisory for CVE-2024-52006 (git/git)
- Git Advisory for CVE-2024-50349 (git/git)
- Researcher Post: hxxps://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/